package com.test01;

import com.test01.utils.JdbcUtils;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

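/**
 * JDBC login example; the class name translates to "SQL injection".
 *
 * <p>{@link #login(String, String)} looks a user up by name and password. The
 * query text is a fixed constant and both values are passed as bound
 * parameters, so quote characters or SQL keywords inside them are compared as
 * plain data and cannot change the structure of the statement.
 */
public class SQL注入 {
    /** Fixed query text; the two {@code ?} placeholders are bound in {@code login}. */
    private static final String LOGIN_SQL =
            "SELECT * FROM users WHERE `name` = ? AND `password` = ?";

    /** Runs one sample login with hard-coded demo credentials. */
    public static void main(String[] args) {
        login("zsh","123456");
    }

    /**
     * Login business logic: queries {@code users} for rows whose name and
     * password equal the given values and prints every matching row to stdout.
     *
     * <p>{@link SQLException} is caught inside the method and its stack trace
     * is printed; nothing is rethrown to the caller.
     *
     * @param username value compared with the {@code name} column
     * @param password value compared with the {@code password} column
     */
    public static void login(String username,String password){
        Connection cn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;

        try {
            cn = JdbcUtils.getConnection();

            // Bind the caller-supplied values instead of concatenating them
            // into the SQL string: the driver sends them as parameters, so
            // input containing quotes or SQL syntax stays a literal value.
            ps = cn.prepareStatement(LOGIN_SQL);
            ps.setString(1, username);
            ps.setString(2, password);
            rs = ps.executeQuery();

            // NOTE(review): the WHERE clause compares the supplied password
            // directly with the stored column, which suggests passwords are
            // stored unhashed - confirm. The usual design stores a salted
            // password hash (bcrypt/scrypt/argon2) and verifies it in code.
            while (rs.next()){
                System.out.println(rs.getInt("id"));
                System.out.println(rs.getString("name"));
                // NOTE(review): echoes the stored password to stdout; drop
                // this line anywhere output may be captured or logged.
                System.out.println(rs.getString("password"));
                System.out.println(rs.getString("email"));
                System.out.println(rs.getObject("birthday"));
            }
        } catch (SQLException e) {
            // Kept from the original: the failure is reported on stderr and
            // the method returns normally.
            e.printStackTrace();
        }finally {
            // Any of the three may still be null if an earlier step failed;
            // presumably releaseConnection tolerates that - verify in JdbcUtils.
            JdbcUtils.releaseConnection(cn,ps,rs);
        }
    }
}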
